Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 07-12-2016 Gestart door Marijke (Beheerder) op GBG-PC (12-12-2016 18:49:15) Gestart vanaf C:\Users\Marijke\Desktop Geladen Profielen: Marijke (Beschikbare Profielen: Marijke) Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: FF) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe ( Rsupport Corporation) C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.XboxApp_22.24.1006.0_x64__8wekyb3d8bbwe\XboxApp.exe () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.4.1.0_x86__wgeqdkkx372wm\Twitter.Windows.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe () C:\Program Files\WindowsApps\Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe\PeopleApp.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7705.42037.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7705.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.) HKU\S-1-5-21-1570371235-2686225424-1450077891-1002\...\Run: [Spotify Web Helper] => C:\Users\Marijke\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-12-08] (Spotify Ltd) HKU\S-1-5-21-1570371235-2686225424-1450077891-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1570371235-2686225424-1450077891-1002\...\Run: [Spotify] => C:\Users\Marijke\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-12-08] (Spotify Ltd) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Marijke\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll [2016-10-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Marijke\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll [2016-10-11] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Marijke\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll [2016-10-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Marijke\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll [2016-10-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Marijke\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll [2016-10-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Marijke\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll [2016-10-11] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) Startup: C:\Users\Marijke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2540 series.lnk [2015-07-19] ShortcutTarget: Inktwaarschuwingen controleren - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Hosts: Er zijn meer dan één item in Hosts. Zie Hosts deel van Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 195.241.77.55 195.241.77.58 Tcpip\..\Interfaces\{5a9dad2f-ae0a-4c8a-b7d8-d08dcbd2aa26}: [DhcpNameServer] 192.168.1.254 195.241.77.55 195.241.77.58 Tcpip\..\Interfaces\{f27725b4-24f6-4717-859b-286c737424be}: [DhcpNameServer] 192.168.11.1 Internet Explorer: ================== HKU\S-1-5-21-1570371235-2686225424-1450077891-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={7402F572-5EC8-49B6-8D7C-E16709A90002}&mid=8bc6fb6cf16b47cd9d6de9a3e10c2e68-2111a1dd9a51c844609dad23bf47c42ccae29987&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0316av&pr=fr&d=2015-02-28 16:06:43&v=4.2.9.726&pid=wtu&sg=&sap=hp HKU\S-1-5-21-1570371235-2686225424-1450077891-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/8 SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1570371235-2686225424-1450077891-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = SearchScopes: HKU\S-1-5-21-1570371235-2686225424-1450077891-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1570371235-2686225424-1450077891-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-01-09] (pdfforge GbR) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-01-09] (pdfforge GbR) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Marijke\AppData\Roaming\Mozilla\Firefox\Profiles\a4u3lofo.default [2016-12-12] FF Homepage: Mozilla\Firefox\Profiles\a4u3lofo.default -> www.google.nl FF Extension: (AVG Web TuneUp) - C:\Users\Marijke\AppData\Roaming\Mozilla\Firefox\Profiles\a4u3lofo.default\Extensions\avg@toolbar.xpi [2016-09-29] FF Extension: (Adblock Plus) - C:\Users\Marijke\AppData\Roaming\Mozilla\Firefox\Profiles\a4u3lofo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [Geen bestand] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [Bestand niet getekend] S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-24] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-24] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Bestand niet getekend] S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [1278280 2016-10-24] ( Rsupport Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Bestand niet getekend] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-02-24] (Disc Soft Ltd) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-10] (Symantec Corporation) S3 EraserUtilDrv11220; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [138912 2013-08-21] (Symantec Corporation) S3 EraserUtilDrv11311; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [140376 2013-08-27] (Symantec Corporation) S3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2014-02-10] (Symantec Corporation) [Bestand niet getekend] S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-02-28] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.) R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated) S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2016-12-12 18:48 - 2016-12-12 18:49 - 02420224 _____ (Farbar) C:\Users\Marijke\Desktop\FRST64.exe 2016-12-12 18:44 - 2016-12-12 18:49 - 00025371 _____ C:\Users\Marijke\Desktop\FRST.txt 2016-12-12 18:44 - 2016-12-12 18:44 - 00000000 ____D C:\FRST 2016-12-07 15:36 - 2016-12-07 15:36 - 00103526 _____ C:\Users\Marijke\Downloads\Jaarafrekening-Sat 2016-12-05 20:05 - 2016-12-05 20:05 - 00000000 ____D C:\Users\Marijke\AppData\Local\NetworkTiles 2016-12-05 19:02 - 2016-12-05 19:02 - 00000000 ____D C:\ProgramData\Avg_Update_1216avz 2016-12-05 19:01 - 2016-12-05 19:01 - 00000000 ____D C:\zoek 2016-12-03 20:00 - 2016-12-03 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-12-03 14:44 - 2016-12-05 19:11 - 00003144 _____ C:\runcheck.txt 2016-12-03 14:39 - 2016-12-03 14:39 - 01309184 _____ C:\Users\Marijke\Desktop\zoek.exe 2016-11-28 22:06 - 2016-11-28 22:06 - 00000000 ____D C:\Users\Marijke\AppData\Roaming\AVG 2016-11-28 21:17 - 2016-11-28 21:17 - 00000000 ____D C:\Program Files (x86)\trend micro 2016-11-28 15:05 - 2016-11-28 15:05 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2016-11-28 15:05 - 2016-11-28 15:05 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2016-11-28 15:05 - 2016-11-28 15:05 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2016-11-28 15:05 - 2016-11-28 15:05 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2016-11-22 23:21 - 2016-11-22 23:21 - 00000000 ____D C:\Users\Marijke\Tekenen 2016-11-16 18:29 - 2016-12-12 18:35 - 00000000 ____D C:\Users\Marijke\AppData\LocalLow\Mozilla 2016-11-16 15:00 - 2016-12-03 14:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-11-12 12:37 - 2016-11-28 22:05 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk 2016-11-12 12:36 - 2016-11-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2016-11-12 12:34 - 2016-12-12 10:56 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task 2016-11-12 12:33 - 2016-11-12 12:41 - 00000000 ____D C:\ProgramData\Avg ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2016-12-12 18:40 - 2016-10-06 12:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-12 10:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-12 10:58 - 2013-02-15 19:43 - 00000000 ____D C:\Users\Marijke\AppData\Local\Adobe 2016-12-12 10:54 - 2015-02-28 15:44 - 00000000 ____D C:\ProgramData\MFAData 2016-12-12 00:04 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-11 23:59 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-10 17:48 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-12-09 13:40 - 2016-10-06 13:16 - 00003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMarijke 2016-12-09 13:40 - 2016-05-20 11:26 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMarijke.job 2016-12-05 19:05 - 2015-03-01 18:06 - 00000000 ____D C:\zoek_backup 2016-12-03 20:08 - 2016-10-06 12:37 - 02102508 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-12-03 20:08 - 2016-07-16 23:15 - 00811608 _____ C:\WINDOWS\system32\perfh013.dat 2016-12-03 20:08 - 2016-07-16 23:15 - 00186316 _____ C:\WINDOWS\system32\perfc013.dat 2016-12-03 20:06 - 2016-03-24 19:34 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-12-03 19:54 - 2016-10-06 13:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-03 19:54 - 2016-03-24 19:34 - 00001030 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-12-03 19:54 - 2016-03-24 19:34 - 00001026 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-12-03 19:53 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-12-03 19:53 - 2016-03-28 17:49 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2016-12-03 19:51 - 2016-10-06 13:16 - 00004090 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2016-12-03 19:51 - 2016-10-06 13:16 - 00003858 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2016-12-03 16:23 - 2014-09-01 15:35 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2016-12-03 16:21 - 2014-09-01 15:34 - 00000000 ____D C:\Users\Marijke\AppData\Local\Battle.net 2016-12-03 16:14 - 2014-09-01 15:34 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-12-03 15:48 - 2016-10-06 12:37 - 00000000 ____D C:\Users\Marijke 2016-12-03 15:39 - 2014-07-02 14:43 - 00000000 ____D C:\Users\Marijke\Desktop\kindje 2016-12-03 14:35 - 2013-02-15 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-12-03 14:33 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-12-02 15:25 - 2013-02-14 11:02 - 00000000 ____D C:\Users\Marijke\AppData\Local\Packages 2016-11-28 22:02 - 2015-02-28 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2016-11-28 22:00 - 2015-02-28 15:53 - 00000000 ___HD C:\$AVG 2016-11-28 21:35 - 2013-02-15 18:16 - 00000940 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-11-28 21:17 - 2015-03-01 16:57 - 00000000 ____D C:\Program Files\trend micro 2016-11-26 16:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-11-24 15:33 - 2013-02-23 19:24 - 00000000 ____D C:\Users\Marijke\Desktop\Humanitas 2016-11-19 19:25 - 2015-01-18 01:32 - 00000000 ____D C:\Users\Marijke\Kapsels 2016-11-18 14:15 - 2015-05-27 09:28 - 00000000 ____D C:\Users\Marijke\AppData\Local\Avg 2016-11-13 01:24 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-11-13 01:24 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-11-12 12:48 - 2015-02-28 15:52 - 00000000 ____D C:\Program Files (x86)\AVG 2016-11-12 12:46 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP ==================== Bestanden in de root van sommige mappen ======= 2015-04-06 20:53 - 2015-04-06 20:53 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-02-14 11:04 - 2013-02-14 11:04 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Sommige bestanden in TEMP: ==================== C:\Users\Marijke\AppData\Local\Temp\7za.exe C:\Users\Marijke\AppData\Local\Temp\DaS_21.exe C:\Users\Marijke\AppData\Local\Temp\hijackthis.exe C:\Users\Marijke\AppData\Local\Temp\NirCmd.exe C:\Users\Marijke\AppData\Local\Temp\PEVZ.EXE C:\Users\Marijke\AppData\Local\Temp\remove.exe C:\Users\Marijke\AppData\Local\Temp\sed.exe C:\Users\Marijke\AppData\Local\Temp\shortcut.exe C:\Users\Marijke\AppData\Local\Temp\swreg.exe C:\Users\Marijke\AppData\Local\Temp\swxcacls.exe C:\Users\Marijke\AppData\Local\Temp\wget.exe C:\Users\Marijke\AppData\Local\Temp\zoek-delete.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2016-12-09 14:35 ==================== Eind van FRST.txt ============================